Vulnerability Details : CVE-2022-41862
In PostgreSQL, a malicious or modified server (it needs no credentials of its own, the client is the one being attacked) can send an unterminated string while Kerberos transport encryption (GSSAPI encryption) is being established. Under certain conditions this makes a libpq client read past the end of the string it received and report an error message that contains uninitialized bytes, disclosing client memory to the server. The vulnerable code path is only reached when the client attempts GSSAPI encryption against a server the attacker controls. Affected: libpq in PostgreSQL 12 through 15; fixed in 15.2, 14.7, 13.10 and 12.14.
Vulnerability category: Information leak
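The bug class described above, as an added illustrative example in C: this is not libpq's code and does not reproduce the actual PostgreSQL fix. It models a client that receives a length-prefixed error string from the server and formats it with strlen(), trusting the server to have sent the terminator, beside a version that bounds every read by the declared length and rejects an unterminated payload. The wire layout, the struct and function names, and the sample bytes are assumptions made for this example.

```c
/* Added example (not libpq code, not the CVE-2022-41862 patch): models the
 * bug class in the advisory, a client that trusts a server-supplied string
 * to be NUL-terminated. Wire format, names and sample bytes are assumptions. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define RX_BUF 64

/* Receive buffer: 1-byte type, 16-bit big-endian payload length, payload.
 * Bytes past `used` are whatever the buffer held before (stale memory). */
struct rx_buf {
    unsigned char data[RX_BUF];
    size_t used;
};

/* Vulnerable pattern: strlen() on the payload assumes the server sent a NUL.
 * With an unterminated payload the read continues past the message into
 * stale bytes, which then end up in the error text. Returns bytes copied. */
size_t format_error_vulnerable(const struct rx_buf *rx, char *out, size_t outlen)
{
    const char *payload = (const char *)rx->data + 3;
    size_t n = strlen(payload);            /* bug: not bounded by the declared length */
    if (n >= outlen)
        n = outlen - 1;
    memcpy(out, payload, n);
    out[n] = '\0';
    return n;
}

/* Hardened: bound every read by the declared length, check that length
 * against what was actually received, and require the terminator to lie
 * inside the payload. Returns bytes copied, or -1 for a malformed message
 * (treat as a protocol error: drop the connection, report none of its bytes). */
int format_error_hardened(const struct rx_buf *rx, char *out, size_t outlen)
{
    if (rx->used < 3)
        return -1;
    size_t len = ((size_t)rx->data[1] << 8) | rx->data[2];
    if (len > rx->used - 3)
        return -1;                         /* length claims bytes never received */
    const char *payload = (const char *)rx->data + 3;
    const char *nul = memchr(payload, '\0', len);
    if (nul == NULL)
        return -1;                         /* unterminated string: reject, never strlen it */
    size_t n = (size_t)(nul - payload);
    if (n >= outlen)
        return -1;
    memcpy(out, payload, n);
    out[n] = '\0';
    return (int)n;
}

/* Constructed hostile message: type 'E', declared length 5, payload "oops!"
 * with no NUL. The rest of the buffer is 'S' bytes standing in for stale
 * memory; one final NUL keeps the demo's over-read inside the array (a real
 * over-read has no such guarantee). */
void build_hostile_message(struct rx_buf *rx)
{
    memset(rx->data, 'S', sizeof rx->data);
    rx->data[sizeof rx->data - 1] = '\0';
    rx->data[0] = 'E';
    rx->data[1] = 0;
    rx->data[2] = 5;
    memcpy(rx->data + 3, "oops!", 5);
    rx->used = 8;
}

/* Constructed well-formed message: same payload, terminator included. */
void build_good_message(struct rx_buf *rx)
{
    build_hostile_message(rx);
    rx->data[2] = 6;
    rx->data[8] = '\0';
    rx->used = 9;
}

/* Scalar helpers so the behaviour can be checked without I/O. */
size_t vulnerable_leak_length(void)        /* bytes copied from the hostile message */
{
    struct rx_buf rx; char out[128];
    build_hostile_message(&rx);
    return format_error_vulnerable(&rx, out, sizeof out);
}
int vulnerable_output_has_stale_bytes(void)
{
    struct rx_buf rx; char out[128];
    build_hostile_message(&rx);
    format_error_vulnerable(&rx, out, sizeof out);
    return strchr(out, 'S') != NULL;
}
int hardened_result(int hostile)           /* -1 = rejected, else bytes copied */
{
    struct rx_buf rx; char out[128];
    if (hostile) build_hostile_message(&rx); else build_good_message(&rx);
    return format_error_hardened(&rx, out, sizeof out);
}

int main(void)
{
    printf("vulnerable copied %zu bytes (only 5 were the message)\n", vulnerable_leak_length());
    printf("hardened: hostile -> %d, well-formed -> %d\n", hardened_result(1), hardened_result(0));
    return 0;
}
```

The vulnerable path copies 60 bytes from a 5-byte message, the extra 55 being whatever sat in the buffer, which is exactly the shape of the disclosure in the advisory. The hardened path never calls strlen() on network data: the declared length is validated against the bytes received, memchr() is bounded by it, and an unterminated payload is a reason to abort the connection, not to format an error from it.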
Products affected by CVE-2022-41862
- cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_k:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_camel_quarkus:-:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:integration_service_registry:-:*:*:*:*:*:*:*
- cpe:2.3:a:postgresql:postgresql:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:8:*:*:*:*:*:*:*
Threat overview for CVE-2022-41862
Top open port discovered on systems with this issue: 80
IPs affected by CVE-2022-41862: 146,097
Threat actors abusing this issue: Yes
Scanner data: SecurityScorecard attack surface intelligence.
Exploit prediction scoring system (EPSS) score for CVE-2022-41862
EPSS score: 0.09% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~40% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2022-41862
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N | 2.2 | 1.4 | NIST | |
CWE ids for CVE-2022-41862
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: secalert@redhat.com (Secondary)
References for CVE-2022-41862
- https://bugzilla.redhat.com/show_bug.cgi?id=2165722 : 2165722 – (CVE-2022-41862) CVE-2022-41862 postgresql: Client memory disclosure when connecting with Kerberos to modified server (Issue Tracking; Third Party Advisory)
- https://www.postgresql.org/support/security/CVE-2022-41862/ : PostgreSQL: CVE-2022-41862: Client memory disclosure when connecting, with Kerberos, to modified server (Vendor Advisory)
- https://security.netapp.com/advisory/ntap-20230427-0002/ : CVE-2022-41862 PostgreSQL Vulnerability in NetApp Products | NetApp Product Security